On Fri, May 28, 2021 at 7:12 AM Mike Kravetz <mike.kravetz@xxxxxxxxxx> wrote: > > The routine dissolve_free_huge_page can be passed the tail page of a > hugetlb page. The tail page is incorrectly passed on to the routines > alloc_huge_page_vmemmap and add_hugetlb_page which expect a hugetlb > head page. > > Operating on a tail page instead of head page could result in addressing > exceptions or vmemmap corruption. > > Signed-off-by: Mike Kravetz <mike.kravetz@xxxxxxxxxx> > --- > The code with this issue is only in mmotm (and next). Specifically > mm: hugetlb: alloc the vmemmap pages associated with each HugeTLB page > Andrew, I assume you will fix in your tree. Sorry. It's my bad commit. Thanks Mike for fixing this. I suspect this should be squashed to "mm: hugetlb: alloc the vmemmap pages associated with each HugeTLB page". Reviewed-by: Muchun Song <songmuchun@xxxxxxxxxxxxx> Thanks. > > mm/hugetlb.c | 4 ++-- > scripts/rust-version.sh | 0 > 2 files changed, 2 insertions(+), 2 deletions(-) > mode change 100644 => 100755 scripts/rust-version.sh > > diff --git a/mm/hugetlb.c b/mm/hugetlb.c > index 69a4b551c157..d2461c1f32dd 100644 > --- a/mm/hugetlb.c > +++ b/mm/hugetlb.c > @@ -1954,7 +1954,7 @@ int dissolve_free_huge_page(struct page *page) > * Attempt to allocate vmemmmap here so that we can take > * appropriate action on failure. > */ > - rc = alloc_huge_page_vmemmap(h, page); > + rc = alloc_huge_page_vmemmap(h, head); > if (!rc) { > /* > * Move PageHWPoison flag from head page to the raw > @@ -1968,7 +1968,7 @@ int dissolve_free_huge_page(struct page *page) > update_and_free_page(h, head, false); > } else { > spin_lock_irq(&hugetlb_lock); > - add_hugetlb_page(h, page, false); > + add_hugetlb_page(h, head, false); > h->max_huge_pages++; > spin_unlock_irq(&hugetlb_lock); > } > diff --git a/scripts/rust-version.sh b/scripts/rust-version.sh > old mode 100644 > new mode 100755 > -- > 2.31.1 >
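Review bot: In the first mm/hugetlb.c hunk (@@ -1954), the corrected call alloc_huge_page_vmemmap(h, head) still depends on every caller choosing the right variable, and nothing in the callee rejects a tail page. The commit message says a tail page here can cause addressing exceptions or vmemmap corruption, so an assertion such as VM_BUG_ON_PAGE(!PageHead(head), head) at the top of alloc_huge_page_vmemmap would make a repeat of this mistake fail loudly on debug kernels instead of corrupting memory. The unchanged comment above the call also spells "vmemmmap" with three m's, which could be corrected when this is folded into the original commit.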
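Review bot: In the second mm/hugetlb.c hunk (@@ -1968), the else branch that now calls add_hugetlb_page(h, head, false) has no comment explaining why head is used rather than page. Both variables remain in scope in dissolve_free_huge_page, and update_and_free_page(h, head, false) a few lines earlier already used head, so the inconsistency was easy to miss. A one-line comment in this branch stating that page may be a tail page and that only head may be handed to the hugetlb helpers would document the invariant this patch restores.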
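Review bot: The scripts/rust-version.sh entry at the end of the diff (old mode 100644, new mode 100755, with no content change) is unrelated to the tail-page fix described in the commit message and looks like a stray change picked up from the working tree. It should be dropped so that the diffstat lists only mm/hugetlb.c, especially if this is squashed into "mm: hugetlb: alloc the vmemmap pages associated with each HugeTLB page" as suggested in the reply.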